06-14-2007 03:09 AM
Hi,
I have sort of a problem with CSS 11501 (ios 8.20.1.01).
The design is:
client(http) -internet-> router -> checkpoint(nat) -> css -> back-end server. CSS, checkpoint, back-end server are in the same subnet. CSS performs SSL termination.
I want to have automatic redirection from http to https, so when the remote client connects to CSS with http he's redirected to https. The client enters login/pass info, but this info is lost after redirection and it's necessary to enter login/pass again.
Note: If I connect to https directly I'm able to login without problems.
CSS config:
!************************** CIRCUIT **************************
circuit VLAN112
ip address 10.112.0.3 255.255.0.0
circuit VLAN114
ip address 10.114.0.3 255.255.0.0
!*********************** SSL PROXY LIST ***********************
ssl-proxy-list rrssl1
ssl-server 1
ssl-server 1 dhparam ...
ssl-server 1 rsacert ...
ssl-server 1 rsakey ...
ssl-server 1 cipher rsa-export1024-with-des-cbc-sha 10.112.0.107 80
ssl-server 1 vip address 10.112.0.241
!************************** SERVICE **************************
service secure-transfer
type redirect
no prepend-http
ip address 2.2.2.2
keepalive type none
domain "https://test1.abc.com"
active
service sslservice
type ssl-accel
add ssl-proxy-list rrssl1
slot 2
keepalive type none
active
!*************************** OWNER ***************************
owner test
content default-redirect
protocol tcp
port 80
url "/*"
vip address 10.112.0.241
add service secure-transfer
active
content ssl-rule
protocol tcp
port 443
add service sslservice
vip address 10.112.0.241
active
Thanks a lot in advance for any comments.
06-14-2007 03:33 AM
The CSS itself is not involved in the login process.
If you have to login in HTTP, it means the login is requested before you get to the CSS.
[the CSS would just forward a redirect and will not request any login and will not connect to the server].
So, the checkpoint firewall is probably doing the login.
You should check there for help.
Gilles.
06-14-2007 04:10 AM
The back-end server performed authentication after redirection http -> https, the firewall does no authentication. The problem was solved; unfortunately, it was not an issue that could be resolved via the CSS. We had to resort to manually editing the html file.
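The symptom in this thread (credentials entered over http are gone after the redirect) can be reproduced offline. The following is an added example, not code from any poster. It assumes the login is an HTML form POSTed to the http VIP, which the thread does not state. The `redirector` stands in for the CSS `type redirect` service, and the `backend` uses plain HTTP on loopback in place of the https VIP so the script needs no certificates. The credentials are constructed values.

```python
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

seen = []  # (role, method, body) for every request a server receives

def make_handler(role, redirect_to=None):
    class Handler(BaseHTTPRequestHandler):
        def _handle(self):
            length = int(self.headers.get("Content-Length") or 0)
            seen.append((role, self.command, self.rfile.read(length).decode()))
            if redirect_to:  # like the redirect service: a 302 and a Location, nothing else
                self.send_response(302)
                self.send_header("Location", redirect_to)
            else:
                self.send_response(200)
            self.send_header("Content-Length", "0")
            self.end_headers()

        do_GET = do_POST = _handle

        def log_message(self, *args):  # keep the demo quiet
            pass

    return Handler

def start(handler):
    server = HTTPServer(("127.0.0.1", 0), handler)  # port 0: pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def run_demo():
    seen.clear()
    backend = start(make_handler("backend"))
    target = "http://127.0.0.1:%d/login" % backend.server_port
    redirector = start(make_handler("redirector", redirect_to=target))
    form = urllib.parse.urlencode({"user": "alice", "pass": "constructed-pw"}).encode()
    # Empty ProxyHandler: ignore any proxy environment variables for loopback.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    opener.open("http://127.0.0.1:%d/login" % redirector.server_port, data=form, timeout=5).close()
    for srv in (redirector, backend):
        srv.shutdown()
        srv.server_close()
    return list(seen)

if __name__ == "__main__":
    for role, method, body in run_demo():
        print(role, method, repr(body))
```

The redirector receives the POST with the credentials in cleartext, and the client then follows the 302 with a bodiless GET, so the back end never sees them. A form whose action points at the https URL directly avoids both the lost login and the cleartext submission.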